DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Pell City notifies residents of vendor breach

Posted on November 12, 2020 by Dissent

On September 20, this site noted a breach impacting some residents of Pell City, Alabama.  At that time, there were many unanswered questions based on the little the city had disclosed.

Now they have published a press release that reveals that the breach involved their vendor, Technology Management Resources (TMR). The TMR breach had been described by Arkansas Methodist Medical Center in its own breach disclosure last month. In that disclosure, they had written:

 On July 3, 2020, TMR discovered that a TMR employee’s user account had been compromised. AMMC was notified of this incident on August 24, 2020 and has been actively seeking information regarding the incident to be able to provide this notice.

Upon discovery of the incident, TMR reported that they secured the account and began an investigation in consultation with external cybersecurity professionals. TMR has stated that their investigation determined that the threat actor may have viewed images of checks and related images containing potential Protected Health Information (PHI) related to customers of Arkansas Methodist Medical Center. According to TMR, the threat actor activity occurred between August 5, 2018 and May 31, 2020, with the bulk of the activity occurring between February and May 2020. TMR notified the FBI of this incident.

Pell City, Alabama notes that 1,050 of their residents were impacted, but their notification gives a different date range that TMR gave them:

The City of Pell City has been informed of a potential security breach at Technology Management Resources, Inc. (TMR), which aids Valley Bank in processing check payments for utility customers.  TMR has disclosed that an unknown third-party had access to the processing files, which contained scanned check images, from May 1 to May 3, 2020 and from June 1 to July 1, 2020.

This matter has been reported to the FBI for criminal investigation and TMR has engaged independent cybersecurity and forensics professionals to assess the situation.  As of this date, there is no indication that the exposed information has been misused, disseminated, or made publically available.

In Pell City’s case, the exposed information includes the “name, address, checking account number, ABA routing number, and any other information appearing on the front of the check.”

DataBreaches.net sent an email inquiry earlier this morning to TMR seeking clarification as to the timeframe of the breach and to ask how many people, total, were being notified nationwide, but received no immediate reply. This post will be updated when a response is received.

Related posts:

  • Another Technology Management Resources client reports a data breach
  • Arkansas Methodist Medical Center Notification of Technology Management Resources Security Incide
  • 34 more india sites hacked and defaced by Bangladesh Cyber Army
Category: Breach IncidentsGovernment SectorSubcontractor

Post navigation

← Breach Lawsuit Spotlights Complex Vendor Issues
“Email Appender” Implants Malicious Emails Directly Into Mailboxes →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.